Title: HARDWARE HEURISTIC-DRIVEN BINARY TRANSLATION-BASED EXECUTION ANALYSIS FOR RETURN-ORIENTED PROGRAMMING MALWARE DETECTION
Abstract: A combination of hardware monitoring and binary translation software allows detection of return-oriented programming (ROP) exploits with low overhead and low false-positive rates. Embodiments may use various forms of hardware to detect candidate ROP exploits and indicate the presence of a code flow anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software. The binary translation software then instruments the application code corresponding to the anomaly and determines whether an ROP exploit is actually present. Upon detection of the ROP exploit, the binary translation software may report it to anti-malware software, which may take further remedial action as desired.
Publication number: US2017116418(A1)  Publication date: 2017.04.27
Application number: US201514923184  Filing date: 2015.10.26
Applicant: McAfee, Inc.  Inventors: Shanmugavelayutham Palanivelrajan Rajan; Yamada Koichi; Sukhomlinov Vadim; Muttik Igor; Bazhaniuk Oleksandr; Bulygin Yuriy; Rubakha Dmitri; Mankin Jennifer Eligius; Woodward Carl D.; Varoglu Sevin F.; Mirkin Dima; Nayshtut Alex
Classification: G06F21/56  Main classification: G06F21/56
Agency / Agent: (none listed)
Main claim: 1. A machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a programmable device to: configure a processor of the programmable device to detect code flow anomalies; receive an indication of a code flow anomaly from the processor; perform binary translation of a portion of an application corresponding to the code flow anomaly; and detect a return-oriented programming exploit responsive to the binary translation.
Address: Santa Clara, CA, US
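The abstract and claim 1 describe a two-stage pipeline: a cheap hardware heuristic raises a code flow anomaly, and only then does the binary translator instrument the suspect code and decide whether it is really ROP. The patent record does not say which hardware event is used or which check the translator applies, so the sketch below is an added illustration, not the patent's or McAfee's code. It assumes, as stand-ins, that the hardware stage is a count of mispredicted RET instructions in a trace window (real implementations would use performance counters or LBR records) and that the translation stage enforces call/return pairing with a shadow stack; the instruction traces, the 5-byte CALL length and the function names are all constructed for the example.

```c
/* Two-stage ROP detection, modelled on the flow in the abstract above.
 * Added illustration, not the patent's or McAfee's code. Assumptions not in the
 * source: stage 1 ("hardware") counts mispredicted RETs in a trace window, as a
 * stand-in for a real performance-counter or LBR-based heuristic; stage 2
 * ("binary translation") replays the same window with call/return pairing
 * enforced by a shadow stack. The traces are constructed, not captured. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { OP_CALL, OP_RET, OP_OTHER } op_t;

typedef struct {
    op_t op;
    uint64_t pc;        /* address of the instruction */
    uint64_t target;    /* CALL: callee; RET: address actually returned to */
    bool mispredicted;  /* constructed predictor outcome, only meaningful for RET */
} insn_t;

#define CALL_LEN 5      /* assumption: every CALL is 5 bytes, so its return site is pc + 5 */
#define SHADOW_MAX 64

/* Stage 1: cheap heuristic the hardware would raise to the driver.
 * A legitimate program can trip this too, hence the second stage. */
bool hw_anomaly(const insn_t *trace, size_t n, unsigned threshold)
{
    unsigned mispredicted_rets = 0;
    for (size_t i = 0; i < n; i++)
        if (trace[i].op == OP_RET && trace[i].mispredicted)
            mispredicted_rets++;
    return mispredicted_rets >= threshold;
}

/* Stage 2: the precise check an instrumenting translator can afford once it
 * has been told where to look. Each CALL pushes its return site; each RET
 * must pop a matching entry. Returns the index of the first RET that does
 * not return to a site pushed by a prior CALL, or -1 if the window is clean. */
long bt_find_rop(const insn_t *trace, size_t n)
{
    uint64_t shadow[SHADOW_MAX];
    size_t sp = 0;
    for (size_t i = 0; i < n; i++) {
        if (trace[i].op == OP_CALL) {
            if (sp < SHADOW_MAX)
                shadow[sp++] = trace[i].pc + CALL_LEN;
        } else if (trace[i].op == OP_RET) {
            if (sp == 0 || shadow[--sp] != trace[i].target)
                return (long)i;
        }
    }
    return -1;
}

/* Pipeline: run stage 2 only when stage 1 fires (low overhead), report ROP
 * only when stage 2 confirms it (low false positives).
 * 0 = no anomaly, 1 = anomaly but benign, 2 = ROP exploit confirmed. */
int analyze(const insn_t *trace, size_t n, unsigned threshold)
{
    if (!hw_anomaly(trace, n, threshold))
        return 0;
    return bt_find_rop(trace, n) >= 0 ? 2 : 1;
}

/* Constructed benign trace: three well-paired calls whose returns the
 * predictor happened to miss (e.g. a cold, indirect-call-heavy path). */
static const insn_t benign[] = {
    { OP_CALL,  0x1000, 0x2000, false },
    { OP_OTHER, 0x2000, 0,      false },
    { OP_RET,   0x2010, 0x1005, true  },
    { OP_CALL,  0x1005, 0x3000, false },
    { OP_RET,   0x3004, 0x100a, true  },
    { OP_CALL,  0x100a, 0x2000, false },
    { OP_RET,   0x2010, 0x100f, true  },
};

/* Constructed gadget chain: the first RET leaves through an overwritten
 * return address into gadget 1, and every later RET chains to the next gadget. */
static const insn_t ropchain[] = {
    { OP_CALL,  0x1000, 0x2000, false },
    { OP_RET,   0x2010, 0x4010, true  },
    { OP_OTHER, 0x4010, 0,      false },
    { OP_RET,   0x4012, 0x4020, true  },
    { OP_RET,   0x4025, 0x4030, true  },
};

#define LEN(a) (sizeof (a) / sizeof (a)[0])

int analyze_benign(unsigned threshold)   { return analyze(benign,   LEN(benign),   threshold); }
int analyze_ropchain(unsigned threshold) { return analyze(ropchain, LEN(ropchain), threshold); }

int main(void)
{
    printf("benign,   threshold 4: %d\n", analyze_benign(4));    /* 0: heuristic silent */
    printf("benign,   threshold 3: %d\n", analyze_benign(3));    /* 1: anomaly, BT clears it */
    printf("ropchain, threshold 3: %d\n", analyze_ropchain(3));  /* 2: ROP confirmed */
    return 0;
}
```

The point of the split is visible in the benign trace: the heuristic fires on it at threshold 3 exactly as it does on the gadget chain, and only the shadow-stack replay separates the two. A real deployment would also have to handle code that breaks call/return pairing on purpose (setjmp/longjmp, exception unwinding, tail calls into PLT stubs), which is part of why the abstract leaves the final verdict to the translator rather than to the hardware counter.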